How do the onboarding links work? Are they secure?

When you notify your employees they have onboarding tasks to complete, they will receive a unique link to access their tasks and associated downloads. Their unique link includes a SHA256 hashed 64 character identifier, making it very secure due to being extremely 'hard to guess'. We send this to their registered email address so only that employee may access the link. Alternatively, the administrator may copy the link in the Dashboard and provide it directly to the employee, for example in Microsoft Teams chat.

Once received, the employee has limited time to click the link before it expires (the exact time is configurable under Preferences and defaults to 24 hours).  If they click the link outside of that time frame, it will trigger a new onboarding access link to be sent to the registered email address.  Access will only be granted via this new link sent to the employee.

All links are only valid for a limited time which is configurable under Preferences, which defaults to 15 minutes. Once the time limit expires, it may not be re-used and any attempt to do so will trigger the re-validation email described above.